Results 1 to 1 of 1

Thread: Suspend Thread and Resume Thread

  1. #1
    ring0
    Guest

    Suspend Thread and Resume Thread

    Hi,

    Earlier i had raised a question on NtSuspendProcess.
    I wanted to use this function in one of my projects to suspend a process.
    But, as this function is not documented, i decided not to use it.
    This is because MS may decide to remove this function(undocumented) in future OS version or even service packs.

    Jeffrey Ritcher has written a function, using ToolHelp API's, that iterates through the threads of a process and suspend them individually.
    He makes use of the documented functions SuspendThread and ResumeThread for the same. I am making use of this function now.

    function defn:
    int SuspendProcess(DWORD dwProcessID, BOOL bSuspend)
    {
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, dwProcessID);
    if (hSnapshot != INVALID_HANDLE_VALUE)
    {
    THREADENTRY32 te32;
    te32.dwSize = sizeof(THREADENTRY32);
    BOOL bThread = Thread32First(hSnapshot, &te32);
    do
    {
    if (te32.th32OwnerProcessID == dwProcessID)
    {
    HANDLE hThread = OpenThread(THREAD_SUSPEND_RESUME, FALSE, te32.th32ThreadID);
    if (hThread != NULL)
    {
    if (bSuspend)
    SuspendThread(hThread);
    else
    ResumeThread(hThread);
    }
    CloseHandle(hThread);
    }
    } while(Thread32Next(hSnapshot, &te32));
    CloseHandle(hSnapshot);
    }
    return 0;
    }

    My question:
    Is it safe to use SuspendThread/ResumeThread? I've read some blogs that says SuspendThread may lead to deadlocks. A deadlock might occur if SuspendThread is used for synchronizing threads within the same process.
    But in my case, i am not using SuspendThread function for synchronization.
    Instead, i am suspending all threads of another process. Should i be worrying of a dead lock scenario?

    Also, what do you feel should be the order of thread resumption?
    Is it necessary to resume the threads in the reverse order of suspension or does it not matter at all.

    Thanks,
    Ring0
    Last edited by ring0; January 18th, 2009 at 04:14.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. Question on Thread.
    By cridia in forum OllyDbg Support Forums
    Replies: 2
    Last Post: June 15th, 2005, 06:43
  2. Thread entry point
    By diplot in forum OllyDbg Support Forums
    Replies: 3
    Last Post: May 9th, 2005, 05:23
  3. TCB - Thread control block
    By Necr0Potenc3 in forum OllyDbg Support Forums
    Replies: 1
    Last Post: June 13th, 2004, 23:03
  4. Can't Resume Thread
    By Anonymous in forum OllyDbg Support Forums
    Replies: 1
    Last Post: November 25th, 2002, 11:45
  5. Thread and DEBUG context
    By SV in forum Advanced Reversing and Programming
    Replies: 2
    Last Post: January 14th, 2001, 06:02

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •